Cryptographic Attacks and Network Security Controls Quiz
29 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the most significant direct impact of the vulnerability discovered by Wendy on her network?

  • Attackers may eavesdrop on network communications.
  • Automated attacks are more likely to succeed.
  • Attackers may use this information to gain administrative privileges. (correct)
  • Encryption will not protect credentials for this account.
  • Which technique is the most effective way to carry out a domain hijacking attack?

  • Network eavesdropping
  • ARP poisoning
  • DNS poisoning (correct)
  • Social engineering
  • Which character is the most important to restrict when performing input validation to protect against XSS attacks?

  • $
  • < (correct)
  • !
  • '
  • Darren visited a phishing site designed to look like a legitimate banking site after typing the bank's URL. What type of attack is likely taking place?

    <p>DNS poisoning</p> Signup and view all the answers

    Which technology must be enabled on a wireless network for a Pixie Dust attack to succeed?

    <p>WPS</p> Signup and view all the answers

    What type of attack is most productive when a website requires complex passwords?

    <p>Online brute force</p> Signup and view all the answers

    What type of attack likely occurred when Vivian noticed millions of connection attempts from systems around the world that were never completed?

    <p>DDoS</p> Signup and view all the answers

    Which attack against Bluetooth technology allows the attacker to steal information from the device?

    <p>Bluesnarfing</p> Signup and view all the answers

    What is the most dangerous consequence of a buffer overflow attack?

    <p>Arbitrary command execution</p> Signup and view all the answers

    Which of the following would not be considered an OSINT tool?

    <p>Vulnerability scans</p> Signup and view all the answers

    What cryptographic attack may be used to find collisions in a hash function?

    <p>Birthday attack</p> Signup and view all the answers

    Which is not a likely consequence of system sprawl?

    <p>Improper input validation</p> Signup and view all the answers

    Which control would best protect Bob's service from an attack by Mal?

    <p>Adding TLS encryption</p> Signup and view all the answers

    What is the primary issue that Charlie needs to address regarding the Windows XP systems?

    <p>Obsolete operating system</p> Signup and view all the answers

    What type of attack is most likely taking place when an end user trying to visit a banking website sees an error message?

    <p>Man-in-the-middle</p> Signup and view all the answers

    During a security review, Terry identified a system using the RC4 cipher with a 40-bit key to protect communications over Remote Desktop Protocol. What weakness does this pose?

    <p>Low encryption strength</p> Signup and view all the answers

    What distinguishes a Birthday attack from other cryptographic attacks?

    <p>Specifically targets hash functions</p> Signup and view all the answers

    What should Val do regarding the self-signed certificates?

    <p>Conduct a risk assessment to determine appropriateness</p> Signup and view all the answers

    What does the MX record identify?

    <p>Mail server for a domain</p> Signup and view all the answers

    How should Gina address the vulnerabilities related to port 3389?

    <p>Upgrade encryption on the network port</p> Signup and view all the answers

    What type of attack is indicated in scenario 30.D?

    <p>Phishing attack</p> Signup and view all the answers

    What is the purpose of SOA records in DNS?

    <p>Provide information about authoritative servers for a DNS zone</p> Signup and view all the answers

    What action is recommended for certificates used by external users?

    <p>Conduct a risk assessment before deciding</p> Signup and view all the answers

    Which feature is typically not supported by mobile device management solutions?

    <p>Carrier unlocking</p> Signup and view all the answers

    In a round-robin load balancing scenario, which server will receive the next request after Server A?

    <p>Server B</p> Signup and view all the answers

    What command-line utility can Ben use to identify active network connections and services listening on a Linux system?

    <p>netstat</p> Signup and view all the answers

    How did the system receive the IP address shown in the ipconfig output?

    <p>DHCP</p> Signup and view all the answers

    What type of VPN is Tim planning to deploy based on the high-level diagram provided?

    <p>Site-to-site VPN</p> Signup and view all the answers

    To protect the password file for his service, what can Vince do?

    <p>Encrypt the password file</p> Signup and view all the answers

    Use Quizgecko on...
    Browser
    Browser